Integer signedness error in the myFseek function of samplein.c for Blade encoder (BladeEnc) 0.94.2 and earlier allows remote attackers to execute arbitrary code via a negative offset value following a "fmt" wave chunk.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| bladeenc | bladeenc | 0.92.7 |
| bladeenc | bladeenc | 0.94.2 |
| bladeenc | bladeenc | 0.93.10 |
| bladeenc | bladeenc | 0.94.1 |
| bladeenc | bladeenc | 0.94.0 |
A global buffer overflow was discovered in the iteration_loop function in loop.c in BladeEnc version 0.94.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| bladeenc | bladeenc | 0.94.2 |